supply chain

Vijay Balasubramaniyan of Pindrop joins us to talk about it. And, in our second segment, Sam Bisbee the CSO of the firm ThreatStack joins us to talk about last month’s hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components.

Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Supermicro hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at hacking conference in Germany proves the plausibility of the alleged hack.

In this week’s podcast: as 2018 winds down, we invited David Aitel, the Chief Security Technical Officer at Cyxtera Technologies, to talk about the biggest stories of the year, including the supply chain attack on Super Micro, China’s continued attacks on western firms, U.S. indictments of Russian and Chinese hackers and what 2019 may have in store.

Podcast: Play in new window | Download (Duration: 35:36 — 40.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.

A report by Bloomberg alleging a massive operation by China’s Peoples Liberation Army (PLA) to plant spy hardware on servers used by some of the U.S.’s most high profile corporations is being refuted by tech vendors Apple as well as Amazon, who contend that no such compromises took place. The report written by Jordon Robinson and Michael Riley and released Thursday says that PLA agents implanted tiny surveillance chips on server motherboards manufactured by Super Micro Computer. The devices, no larger than a pencil tip, could give Chinese agents access to and control over critical hardware used by Apple Computer, Amazon and other large, U.S. firms, including financial services firms and intelligence agencies, the report says. [You might also want to read: Massive Facebook Breach Affects 90 Million Accounts] If true, the incident would be one of the most serious uses of a so-called “supply chain” hack, in which sophisticated adversaries […]